hipaa Archives - HIPAA News, Web & Email Security Tips & News - Plus More | LuxSci
LuxSci

Posts Tagged ‘hipaa’

TLS Exclusive: HIPAA-compliant email marketing just got a whole lot better

Thursday, May 10th, 2018

If you are a healthcare organization and have to abide by HIPAA regulations, you may be struggling with HIPAA-compliant email marketing.  Besides getting patient consent, there is the whole concern that the marketing email messages need to be secured, as in many cases the marketing messages plus the addresses or list being used imply something about the recipients … something ePHI-related.

SMTP TLS Exclusive

It is a best practice to use a HIPAA-compliant email marketing service to send healthcare-related email marketing messages, newsletters, appointment reminder emails, etc.  Such a service signs the required HIPAA Business Associate Agreement with you, takes care of your data, and ensures that your email messages go securely to your recipients.

Read the rest of this post »

When can sending TLS-Secured Email be NOT HIPAA Compliant?

Tuesday, May 1st, 2018

In a question recently submitted to “Ask Erik,” John asked:

“How does sending a TLS-encrypted email sometimes become non-compliant?  Let's say I send an email from my Office 365 Business account to a gmail.com account which both support TLS encryption.  Is it because I do not know what path and what servers the email has to go through?  Does each server have to decrypt the email and is that when it becomes non-compliant?  I love the LuxSci forms by the way!”

When is TLS email not HIPAA compliant?

This is a great question!  In a recent survey that LuxSci did, less than 50% of the people interested in secure email even knew what TLS is and how it works.  So it is not surprising that there is a lot of confusion out there about what is acceptable for compliance and what is not.

Read the rest of this post »

What is Cloud Computing? Or How to Speak Intelligently about Cloud and Virtual Private Servers

Tuesday, March 20th, 2018

We are often asked questions about Cloud Servers and Virtual Private Servers (VPS) and which is better and in what circumstances.  We also find that many customers are using these terms without a good understanding of what they mean and the differences between them.

What is the difference: Public vs Private Cloud

Read the rest of this post »

Email Archival is Required by HIPAA

Tuesday, February 6th, 2018

Customers constantly inquire if Email Archival services are really required by HIPAA regulations.

There is a great deal of confusion and uncertainty here because:

  1. HIPAA by its nature is vague, listing many things that you need to do, but not saying how.  This makes things flexible and workable, if ambiguous.
  2. Email Archival generally adds cost to any email solution — and everyone prefers to avoid unnecessary costs.
  3. Most want to do the minimum needed for compliance due to time and budgetary constraints.

Email Archival is Required by HIPAA

In our opinion, Email Archival is an implicit requirement of HIPAA, and one that all organizations that utilize email for the sending or receipt of ePHI should invest in.  In the next section, we’ll review why.

Read the rest of this post »

SecureForm Dropbox Integration Now Available

Friday, February 2nd, 2018

LuxSci SecureForm now supports sending your web and PDF form data to your Dropbox account.  Simply choose “Dropbox” from the available integrations, enter your Dropbox App token (follow our simple help guide to generate that), and specify what data formats should be uploaded.

  • Send data as: text, HTML, CSV, XML, custom text/html template, PDF template, etc.
  • Files can be uploaded as dated ZIP archives or dated individual files.
  • End-user files uploaded to your forms are also sent to Dropbox.

HIPAA Compliance?  As long as you have a HIPAA-compliant Dropbox account and configure your Dropbox appropriately, you can use SecureForm to send your form data to Dropbox in a HIPAA-compliant manner.

Try it out!

Case Study: Securely Email Medical Laboratory Results to Patients

Thursday, February 1st, 2018

We count many medical laboratories among our customers.  They process lab tests for doctors and send the results to the patients via email.

Medical laboratories, while sometimes not HIPAA covered entities themselves, are Business Associates with Hospitals and doctors who are required to abide by HIPAA.  By the “transitive” nature of the HIPAA privacy laws, such Business Associates must take pains to abide by HIPAA security and privacy standards, protecting patient data, and ensuring confidentiality.

Medical labs use large scale secure email sending

In order to send patients their results via email, these labs must use a HIPAA-compliant system that can send email to anyone with an email address.

This post describes how one large medical lab uses LuxSci’s SecureLine to safely deliver lab results to 1000s of people every day.

Read the rest of this post »

Cyber Espionage Infiltrates American Small Business

Tuesday, January 30th, 2018

The last thing an architect could imagine is that his company’s proposal for a new commercial building site along a stunning San Francisco Bay view would lose to a competitor with a similar design and infrastructure, a lower bid, and a leaner delivery schedule. It happened. And cyber-espionage was the culprit.

New technology spans the globe as small businesses find themselves victims to espionage as someone steals their sales pipelines, customer lists, corporate secrets, and corridors to their Fortune 1000 clients without their knowledge. It was Robert Mueller, former head of the FBI, who stated in 2012 that “there are only two types of companies: those that have been hacked and those that will be.” A well-known attorney updated that comment recently when he warned his colleagues that “You are a company that has been hacked or a company that doesn’t know you were hacked.” This is a reality check for all business owners.

Read the rest of this post »

How iDTech Leverages SecureForm to Scale Their Organization

Saturday, January 20th, 2018

Interview with Kristi Murnin: Compliance and Risk Assessment Associate at iDTech.

January, 2018.

See iDTech online at https://www.idtech.com

Read a full transcript of this interview.

17 Questions To Ask Yourself Before You Send A HIPAA-Compliant Marketing Email

Thursday, January 18th, 2018

You’ve just been told that you need to rethink your entire email marketing system. Your attorney and compliance specialist are both telling you that you need to implement HIPAA-compliant email marketing.

Your starting point is to break down that goal into two components: business goals and HIPAA compliance. Your email marketing has to achieve your business goals like providing fast customer service and generating more appointments. Next, you need to put HIPAA compliant systems and processes in place.

Use these 17 questions to review whether your email marketing aligns with your business goals and HIPAA.

Read the rest of this post »

Ask Erik: Is misaddressed email a HIPAA breach?

Friday, December 8th, 2017

Read the rest of this post »